Title: xmlrpc.php
Last modified: August 31, 2016

---

# xmlrpc.php

 *  Resolved [maestrom](https://wordpress.org/support/users/maestrom/)
 * (@maestrom)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/)
 * On my “Live Traffic” I get frequent visits from random countries as “Pages Not
   Found” to a page called “xmlrpc.php” in my WordPress directory. Can someone tell
   me if this is a hack attempt?
 * Thanks,
    Daniel
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [bluebearmedia](https://wordpress.org/support/users/bluebearmedia/)
 * (@bluebearmedia)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7444764)
 * They’re likely just “pokes” to see if there’s any site response.
 * If you don’t need to use any remote site operations/services, you can disable
   xmlrpc completely (either in your functions.php, or via plugins).
 *  [mountainguy2](https://wordpress.org/support/users/mountainguy2/)
 * (@mountainguy2)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7444875)
 * Definitely disable it. I also rename it and/or delete it from site root.
 * Don’t get me started on how lame this thing is in being yet another attack vector
   we all have to deal with, no thanks to WordPress.
 * I use the plugin “Disable XML-RPC” which seems to play nice with other plugins
   including Wordfence.
 * MTN
 *  Thread Starter [maestrom](https://wordpress.org/support/users/maestrom/)
 * (@maestrom)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7444923)
 * Thanks for the help MTN and bluebearmedia,
 * Can you tell me what the purpose of XML-RPC is? If it is able to be disabled,
   what is its function to begin with?
 * Thanks,
    Daniel
 *  [mountainguy2](https://wordpress.org/support/users/mountainguy2/)
 * (@mountainguy2)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7444924)
 * It helps with building applications that do things like help with WordPress admin.
   It is lame. Send it to trash until you need it, which is probably never.
 * [https://en.wikipedia.org/wiki/XML-RPC](https://en.wikipedia.org/wiki/XML-RPC)
 * MTN
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7444935)
 * Hello maestrom,
    unless you are using some external services to access your WordPress
   installation you do not need xmlrpc.php. On Wordfence “Options” page under “Other
   options” and the setting “Immediately block IP’s that access these URLs” you 
   can enter “xmlrpc.php”. This will cause anyone who tries to request that URL 
   to be blocked.
 * xmlrpc.php can be used for logging in. This is why malicious users are requesting
   it.
 *  Thread Starter [maestrom](https://wordpress.org/support/users/maestrom/)
 * (@maestrom)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7445033)
 * Thank you wfasa and mountainguy2. While we’re on this subject, I am also noticing
   that my Wordfence plugin has these URLs whitelisted:
 * /favicon.ico
    /apple-touch-icon*.png
    /*@2x.png
 * I am not sure why this should be the case and what the latter two need to be
   whitelisted for, specifically? I noticed that the apple touch icon seems to be
   visited a lot, as well.
 * Any help would be appreciated!
    Daniel
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7445034)
 * Hello maestrom,
    it’s because these are often requested by devices but not present
   on sites so they are there to prevent you from getting lots of pointless 404s.
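
As an added example (not part of the original thread and not Wordfence code): one way to answer the original question from a web server access log is to count requests to xmlrpc.php per client IP and flag clients that POST to it repeatedly, since, as wfasa notes above, xmlrpc.php can be used for logging in. The combined log format, the sample lines, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache/nginx "combined" log format (assumed format).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Aug/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Aug/2016:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Aug/2016:10:00:03 +0000] "POST //xmlrpc.php?rsd HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.20 - - [31/Aug/2016:10:05:00 +0000] "GET /xmlrpc.php HTTP/1.1" 404 512 "-" "curl/7.47"
192.0.2.33 - - [31/Aug/2016:10:06:00 +0000] "GET /apple-touch-icon.png HTTP/1.1" 404 0 "-" "Safari"
192.0.2.33 - - [31/Aug/2016:10:06:05 +0000] "GET /blog/?p=xmlrpc.php HTTP/1.1" 200 900 "-" "Safari"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_xmlrpc(target):
    """True if the request path (query string ignored) ends in xmlrpc.php."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return path.rstrip("/").rsplit("/", 1)[-1].lower() == "xmlrpc.php"

def summarize(log_text):
    """Map client IP -> Counter of (method, status) for xmlrpc.php requests."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_xmlrpc(m["target"]):  # unparseable lines are skipped
            hits[m["ip"]][(m["method"], int(m["status"]))] += 1
    return hits

def repeated_posters(hits, threshold=3):
    """IPs with at least `threshold` POSTs to xmlrpc.php (threshold is an assumption)."""
    flagged = []
    for ip, counts in hits.items():
        posts = sum(n for (method, _), n in counts.items() if method == "POST")
        if posts >= threshold:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, counts in sorted(summary.items()):
        print(ip, dict(counts))
    print("repeated POST clients:", repeated_posters(summary))
```

A 404 on every hit, as in the original post, means the file is not being served at that path; 200 responses to POST requests are the ones worth reviewing alongside the login logs.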


The topic ‘xmlrpc.php’ is closed to new replies.

 * 7 replies
 * 4 participants
 * Last reply from: [wfasa](https://wordpress.org/support/users/wfasa/)
 * Last activity: [10 years ago](https://wordpress.org/support/topic/xmlrpcphp-9/#post-7445034)
 * Status: resolved